Linux-libre 4.3.2-gnu

author: André Fabian Silva Delgado <emulatorman@parabola.nu> 2015-12-15 14:52:16 -0300
committer: André Fabian Silva Delgado <emulatorman@parabola.nu> 2015-12-15 14:52:16 -0300
commit: 8d91c1e411f55d7ea91b1183a2e9f8088fb4d5be (patch)
tree: e9891aa6c295060d065adffd610c4f49ecf884f3 /include/linux/cred.h
parent: a71852147516bc1cb5b0b3cbd13639bfd4022dc8 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 8b6c083e6..8d70e1361 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -137,6 +137,7 @@ struct cred {
 	kernel_cap_t	cap_permitted;	/* caps we're permitted */
 	kernel_cap_t	cap_effective;	/* caps we can actually use */
 	kernel_cap_t	cap_bset;	/* capability bounding set */
+	kernel_cap_t	cap_ambient;	/* Ambient capability set */
 #ifdef CONFIG_KEYS
 	unsigned char	jit_keyring;	/* default keyring to attach requested
 					 * keys to */
@@ -212,6 +213,13 @@ static inline void validate_process_creds(void)
 }
 #endif
 
+static inline bool cap_ambient_invariant_ok(const struct cred *cred)
+{
+	return cap_issubset(cred->cap_ambient,
+			    cap_intersect(cred->cap_permitted,
+					  cred->cap_inheritable));
+}
+
 /**
  * get_new_cred - Get a reference on a new set of credentials
  * @cred: The new credentials to reference
author	André Fabian Silva Delgado <emulatorman@parabola.nu>	2015-12-15 14:52:16 -0300
committer	André Fabian Silva Delgado <emulatorman@parabola.nu>	2015-12-15 14:52:16 -0300
commit	8d91c1e411f55d7ea91b1183a2e9f8088fb4d5be (patch)
tree	e9891aa6c295060d065adffd610c4f49ecf884f3 /include/linux/cred.h
parent	a71852147516bc1cb5b0b3cbd13639bfd4022dc8 (diff)